US government pushing again on encryption bypass
FBI chief and deputy CTO bring issue back to the table
Just a few weeks after the US government effectively conceded defeat in its efforts to force tech companies to introduce backdoors into their software, the issue is being pulled back onto the table.
Both FBI director James Comey and deputy CTO Ed Felten have reopened discussions: Comey stating that tech companies like Apple and Google should simply stop offering end-to-end encryption; Felten asking for people to send in their comments on this "critical conversation."
The moves follow a number of responses from politicians after gun attacks in Paris and California, including President Obama, Hillary Clinton, and Manhattan District Attorney Cyrus Vance.
Despite there being no evidence as yet that encryption had a role to play in the shootings, public concern over both has led for calls to limit the degree of privacy afforded all users of mobile phones.
Law enforcement officials have been quite blunt in requesting access to companies' encryption systems.
"It's not a technical issue," Comey told the Senate Judiciary Committee this week. "There are plenty of companies today that provide secure services to their customers and still comply with court orders. There are plenty of folks who make good phones and are able to unlock them in response to a court order. In fact, the makers of phones that today can't be unlocked, a year ago they could be unlocked."
But the introduction of backdoors is something that the tech industry has persistently pointed out requires a level of "magical thinking," since any hole in an encryption system makes it inherently insecure.
Meanwhile, politicians have sought to avoid technical realities in their calls for access to people's data by simply talking about how tech companies are the "best and most creative in the world" and imploring them to come up with some as-yet unknown system that allows data to be provided to the "right" people.
All this is some way from the tenor of discussions just a few weeks ago, when President Obama stated that the White House would not be seeking legislation to force companies to introduce backdoors. Tech companies made it quite plain they were determined to provide full end-to-end encryption, and even the FBI's general counsel admitted that the backdoor envisioned by the federal agency may be "scientifically and mathematically not possible."
The lead proponent for breaking end-to-end encryption, FBI head Comey, was also the person who kicked off the debate in October last year. "What concerns me about this is companies marketing something expressly to allow people to place themselves above the law," he argued at the time, earning the ire of Apple and Google, among others.
No back door
This week, Comey said that "the government doesn't want a back door," but it still wants some way to get a hold of data held primarily on phones. He told the Senate Judiciary Committee: "The government hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that."
The same argument was put forward by Felton, who referenced a national address by the President over how the US government would handle the Islamic State.
"This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online," reads Felton's plea. "That is why, in his address to the nation on Sunday, the President reiterated the Administration's call for America's technology community and law enforcement and counter-terrorism officials to work together to fight terrorism."
Meanwhile, Comey used an example of a shooting in Texas back in May to explain why not having access was a problem. There were 109 text messages on one of the attacker's phones that the FBI was not able to access, he noted, claiming that they were exchanged "with an overseas terrorist."
All of this is clearly an effort to pressure tech companies to backtrack on the end-to-end encryption that is offered in the latest operating systems before it becomes an accepted norm.
Having ruled out legislation, the White House and FBI are putting pressure on the tech companies to backtrack and are using Congressional hearings and the pretext of wanting to "hear from you on encryption" to move the needle.
So far there has been no public comment from the tech companies in response to this second wave of pressure, although many privacy advocates remain steadfast in their opposition to any system that would allow ready access to private communications.
It is worth noting that Google, Apple, Facebook, et al decided to introduce end-to-end encryption for their customers and on their own networks in response to revelations by Edward Snowden that the US security services were taping everyone's communications, including the tech companies' own data centers.
It is also worth noting that despite the recent shootings in Paris and California being used as an argument for why full encryption should not be allowed, there remains no evidence that encryption played a part in those attacks and the information that has come out about their communications – so far, at least – showed that it was carried out in the open. ®